
VP - IT Infrastructure & Security

Job in Bloomington, Hennepin County, Minnesota, USA
Listing for: Invictus Capital Partners
Full Time position
Listed on 2026-06-08
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 160000 - 175000 USD Yearly
Job Description & How to Apply Below

VP - IT Infrastructure & Security

Department: Information Technology - Data & Reporting

Employment Type: Full Time

Location: Bloomington, MN

Reporting To: IT Operations Manager

Compensation: $160,000 - $175,000 / year

Description

We are seeking a VP - IT Infrastructure & Security to architect, secure, and operate a modern hybrid enterprise infrastructure.

This role operates at the intersection of network engineering, cloud architecture, endpoint security, and cybersecurity governance.

You will be responsible for designing and enforcing a defense-in-depth security model, implementing Zero Trust Architecture, and ensuring end-to-end protection of identity, devices, networks, applications, and data across the organization.

This is a hands‑on technical leadership role with ownership of architecture, security strategy, and operational excellence.

This position requires 24/7 on‑call availability, with regular working hours of Monday through Friday, 8:00 AM to 5:00 PM.

Responsibilities and Duties:

Enterprise Architecture & Zero Trust Design
  • Design and implement end‑to‑end enterprise architecture across on‑prem and cloud environments (Azure‑first strategy).
  • Lead adoption of Zero Trust Architecture (ZTA):
    • Identity‑driven access (Azure AD / Entra)
    • Device trust enforcement (Intune / MDM compliance)
    • Network segmentation & micro‑segmentation
    • Continuous verification and least‑privilege access
  • Establish defense‑in‑depth strategy across:
    • Perimeter (firewalls, NAC)
    • Internal network (segmentation, NAC)
    • Endpoint (EDR/XDR)
    • Identity (MFA, Conditional Access)
    • Data (DLP, encryption)
Advanced Network Engineering & Security
  • Architect and manage enterprise‑grade networking across Netgear, Cisco Meraki, and hybrid WAN environments.
  • Design and enforce multi‑tier VLAN architecture, segmentation, and secure routing strategies.
  • Configure and optimize Fortinet FortiGate Firewalls:
    • Advanced threat protection (IPS, SSL inspection)
    • ZTNA enforcement
    • Application control and traffic shaping
  • Deploy and manage FortiNAC:
    • Device profiling and posture assessment
    • Automated quarantine/remediation policies
    • Integration with AD, RADIUS, and endpoint tools
  • Implement and manage RADIUS / 802.1X authentication for secure network access.
  • Perform deep network analysis including packet capture, traffic inspection, and anomaly detection.
  • Integrate network telemetry into centralized logging / SIEM pipelines.
Cloud Infrastructure & Hybrid Identity (Azure)
  • Architect and manage Microsoft Azure environments:
    • VMs, VNets, NSGs, load balancers, private endpoints
    • Hybrid connectivity (VPN, ExpressRoute)
  • Design secure identity architecture using Azure AD (Entra):
    • Conditional Access policies
    • MFA enforcement (Duo/YubiKey integration)
    • Identity Protection & risk‑based access
  • Integrate on‑prem Active Directory with Azure AD for hybrid identity governance.
  • Implement role‑based access control (RBAC) and privileged identity management (PIM).
  • Drive infrastructure‑as‑code (IaC) and automation strategies.
Endpoint Security, MDM & Device Governance
  • Architect enterprise endpoint strategy using:
    • Microsoft Intune (MDM/MAM)
    • Device compliance policies, configuration profiles, and security baselines
  • Enforce Zero Trust device posture validation before granting access.
  • Implement full device lifecycle management (provisioning → compliance → decommissioning).
  • Secure both corporate and BYOD environments with strict policy enforcement.
Advanced Threat Protection & Data Security
  • Lead deployment and optimization of CrowdStrike Falcon (EDR/XDR platform):
    • Policy creation and tuning
    • Behavioral threat detection and threat hunting
    • Automated containment and response
  • Design and enforce data protection strategies:
    • Data classification and labeling
    • Encryption (at rest, in transit)
  • Implement multi‑layered security controls across all attack surfaces.
  • Conduct vulnerability management and coordinate remediation using enterprise tools.
Email Security & Domain Protection
  • Architect and enforce email authentication and anti‑spoofing controls:
    • DMARC, DKIM, SPF
  • Monitor and respond to phishing campaigns and domain abuse.
  • Manage DNS security, domain configurations, and SSL/TLS certificates via GoDaddy or enterprise DNS providers.
  • Oversee certificate lifecycle…